This Week in Malware – Over Five Dozen More Packages Discovered
This week in malware we discovered and analyzed over five dozen packages flagged as malicious, suspicious, or dependency confusion attacks ... Read More
This Week in Malware – Almost 100 Packages
This week in malware we discovered and analyzed over seven dozen packages flagged as malicious, suspicious, or dependency confusion attacks ... Read More
This Week in Malware – A PyPI Phishing Follow-up Plus 120 Packages
This week in malware we discovered and analyzed 120 packages flagged as malicious, suspicious, or dependency confusion attacks. As a follow-up to our coverage last week, new details emerged regarding a phishing campaign that sought to steal account credentials of PyPI maintainers and lace their packages with malware ... Read More
This Week in Malware – 450 Packages and a Phishing Campaign Against PyPI Maintainers
This week in malware we discovered and analyzed 450 packages flagged as malicious, suspicious, or dependency confusion attacks.Also, this week a phishing email campaign targeted PyPI maintainers in attempts to compromise accounts and inject malware into the registry’s packages.Additionally, Sonatype’s director of information security explored the connection between security and ... Read More
This Week in Malware – Fileless Linux Cryptominer, 100 Packages
This week in malware we discovered and analyzed nearly 100 packages flagged as malicious, suspicious, or dependency confusion attacks.Notably, we uncovered a PyPI package that drops fileless Linux malware directly in memory to covertly run a cryptominer. Furthermore, our investigation revealed the threat actor published this malicious package under the ... Read More
